Mageia alert MGASA-2024-0383 (firefox)
| From: | Mageia Updates <updates-announce@ml.mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2024-0383: Updated rootcerts, nss & firefox packages fix security vulnerabilities | |
| Date: | Mon, 02 Dec 2024 18:17:45 +0100 | |
| Message-ID: | <20241202171745.D8EF39FF0A@duvel.mageia.org> | |
| Archive-link: | Article |
MGASA-2024-0383 - Updated rootcerts, nss & firefox packages fix security vulnerabilities Publication date: 02 Dec 2024 URL: https://advisories.mageia.org/MGASA-2024-0383.html Type: security Affected Mageia releases: 9 CVE: CVE-2024-11692, CVE-2024-11694, CVE-2024-11695, CVE-2024-11696, CVE-2024-11697, CVE-2024-11699 Description: Select list elements could be shown over another site. (CVE-2024-11692) CSP Bypass and XSS Exposure via Web Compatibility Shims. (CVE-2024-11694) URL Bar Spoofing via Manipulated Punycode and Whitespace Characters. (CVE-2024-11695) Unhandled Exception in Add-on Signature Verification. (CVE-2024-11696) Improper Keypress Handling in Executable File Confirmation Dialog. (CVE-2024-11697) Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and Thunderbird 128.5. (CVE-2024-11699) References: - https://bugs.mageia.org/show_bug.cgi?id=33804 - https://www.mozilla.org/en-US/firefox/128.5.0/releasenotes/ - https://www.mozilla.org/en-US/security/advisories/mfsa202... - https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_107.html#mozilla-projects-nss-nss-3-107-release-notes - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1... SRPMS: - 9/core/rootcerts-20241119.00-1.mga9 - 9/core/nss-3.107.0-1.mga9 - 9/core/firefox-128.5.0-1.mga9 - 9/core/firefox-l10n-128.5.0-1.mga9